Thanks for requesting a demo

How can SecureForm Help You?

LuxSci provides rock-solid HIPAA compliance for our company at a reasonable cost. They are prompt, professional, and always go the extra mile to ensure our needs are met. The amount of customization and personal service we receive from LuxSci far exceeds any other company we have worked with in the same price range."

Thomas House . Marketing Manager . Eye Consultants of Atlanta .

How SecureForm Works

1. SecureForm Setup

Use our web interface to configure what happens to the data that is submitted via your
form. There are a variety of options available, allowing you to totally customize how your forms
behave and how the data is processed.

Use Form Builder to visually create your form.

Otherwise, getting started with SecureForm is as easy as 1-2-3:

You design your own web site forms and/or PDF forms.

Use our web interface to configure what happens to the data that is submitted via your
forms.

Point your form to the web address that we provide to you.

That's it!

2. SecureForm Processing: End-user Perspective

Web Site Forms

If your form is setup as a web page on your site or created using FormBuilder:

A user visits your web site and fills out your web form.

When they have completed filling out the form, they press the "Submit" button.

The data they entered is sent to LuxSci via the secure web address we provide to you.

If the data is sent successfully, the visitor is redirected to a "Success" page on your web site.

If the data could not be sent successfully, the visitor is redirected to a "Failure" page on your web site instead.

Note that this process is always the same regardless of where your web site is hosted.
Also, unless your web form is misconfigured, the visitor will never be redirected from
your web site and will always see your URLs in the address bar. With web site
forms, the submission process to LuxSci's servers is always fully transparent
to the user.

PDF Forms

If your form is in a PDF, the process is similar:

The user opens your PDF file and fills out the form.

When they have completed filling out the form, they press the "Submit" button.

The data they entered is sent to LuxSci via the secure endpoint web address we provide to you.
For PDFs, the user may be prompted to first confirm that they trust the address to where the form data is being sent.

On success, the user is shown your custom "Success PDF".

On failure, the user is shown your custom "Failure PDF".

3. Your SecureForm Results: Delivered

Choose your Integrations

Where would you like your data to be saved or sent?

Database. Instead of a file,
have your data uploaded directly to a MySQL database. Access that data online
through our reporting tools.

For custom enterprise environments, you get to choose the security features that you want included.

Performance & reliability

Shared secure-form processing uses our redundant, load-balanced array of SecureForm procssing servers; however,
your hosted databases and such are located on a shared server.
For dedicated servers, you get to size the server to match your performance requirements.
For custom enterprise environments, you get to choose the reliability features that you want included.

HIPAA Compliance Available?

HIPAA compliance is available for all SecureForm accounts except the 3-form shared options.

FormBuilder

PDF Hosting

PDFs are hosted in Amazon AWS and are made available through Amazon CloudFront.

PDF & HTML Templates

Ink Signatures

Secure Email via SecureLineTM

All Integrations

Location

USA

USA or Custom

Texas, USA

LuxSci's services are provided on servers located in USA-based data centers (RackSpace or Amazon).

*Business Class dedicated servers can be provisioned in RackSpace and Amazon data centers around the world
if requested by the customer. There may be an additional setup fee for a non-standard location.

When ordering shared SecureForm services, SecureForms are processed through a shared Enterprise Class cluster and your data
is saved on a shared Business Class or Enterprise Class server.

Dedicated solutions are ideal for isolating both your data and the processing of your data from everyone else.
Dedicated SecureForm Processing servers require servers with a minimum of 2 CPU cores and 4 GB of memory.

Custom backup/retention Schedules?

Dedicated server customers can choose custom backup frequencies and retention schedules; this
may come with an additional cost. Contact sales for more information.

Account isolation: No other LuxSci customers have access to your server. No shared servers.

In a shared solution, many 100s or 1000s of separate customers share the same server. Security replies on logical
and software partitioning of access and resources. Shared solutions are inherently less secure, have
less consistent performance, but are less expensive. Dedicated servers are recommended for when security and
consistent performance are important.

Server isolation: All servers running on the same hardware belong to LuxSci. No public cloud servers.

In the Business Class environment, your server is in a Public Cloud. This means that other servers running
on the same underlying hardware (hypervisor) may be owned by organizations unrelated to LuxSci. This provides
some security risk compared to use of LuxSci's Private Cloud Enterprise Class environment,
where LuxSci owns the underlying hardware and is in control of all servers running on it.
Additionally, the Business Class environment may have less consistent
performance due to the possibility of "noisy neighbor" servers outside of LuxSci's control.

Ultra-reliable: proof against hardware failure

Enterprise Class servers are virtual machines that run on a redundant VMWare cluster. If one of the underlying
hypervisors should have a hardware issue, all servers running on it are immediately rebooted on
another hypervisor, limiting potential downtime to seconds.

Choose Enterprise Class when server uptime is a very high priority.

Multiple servers/server clusters

Private Label Branding

available

Private Label branding is optional on shared accounts. It starts at $25/mo. Private
Label branding is required for dedicated SecureForm processing servers and is thus included in the "Starting Price"
listed below.

FAQs: Perhaps you were wondering...?

Yes. SecureForm integrates with any web or PDF form hosted anywhere.
A few minutes is all that it takes to update an existing form to send its
data to SecureForm for processing and delivery or storage.

We do not make your forms. You or your web designer can modify your
existing forms, make new forms hosted elsewhere, or use SecureForm visual form builder to make and host new
forms. We do provide custom consulting services for form design. This is
$250/hour.

You don't need programming skills when using the SecureForm visual
form builder or PDF forms. When designing or updating your
existing/external web forms, you or your web designer will have to edit a
couple of lines of HTML code to direct the form submissions to SecureForm;
if a content management system such as Gravity Forms for Wordpress
generates or dynamically manages your forms, then you may need a little
coding to integrate SecureForm.

When using SecureForm, data transmits from the end-user's browser (or
PDF) to LuxSci, encrypted using strong TLS
ciphers. Once it arrives, what happens next depends on the
integrations you configure; the security of the results is then, to a
certain degree, your choice. For example:

SecureChat: You can send form data to recipients securely using our SecureChat real-time communication
and collaboration system. These messages are AES-256-encrypted at rest and encrypted via TLS during transmission.

Secure FTP: You can upload data and files to your server using Secure FTP and a strong cipher like AES 256.
Once the files are there, their security is up to you.

MySQL Database: You can save your form data to a
database and you have the option of having all files and
data encrypted at rest with native AES encryption.

WebAide File Storage: You can save your form data to our WebAide Documents collaborative online file storage
system. You can choose to have this data be automatically and seamlessly PGP-encrypted.

You do not need your own TLS certificate to use SecureForm; however, if
you are hosting your forms on your own website, we do recommend
that you secure that site with TLS to protect your form pages themselves
from alteration/hacking before getting to your end users.

SecureForm includes detailed reports of all successful form posts,
and of many kinds of post failures (including emailed alerts of important
types of failures). If saving your data to a hosted database, SecureForm
provides an audit trail of views and deletions (if such are permitted) of
all rows of posted data accessed via our API or or Web-based Form Database
viewer.

Yes. Users of your web-based forms can sign a written signature using
their mouse, stylus, or finger, and it's possible to capture and deliver
that signature along with your form post. The post can even auto-append to
refilled PDF templates or inserted inline in refilled HTML templates. See
Ink Signatures.

Form Configuration

You supply links to your own success and failure web pages; the end user is shown these once the form posting completes. For PDF forms, you supply your own success and failure PDF documents to be displayed to the end user once the form post is complete.

PDF Forms: Custom success and failure PDFs

You can upload a PDF to show on successful form submission and, optionally,
one to display on failure.

The success PDF can be a "template" so that form data can be re-filled
back into it before it is sent back to the user. This allows you to either
give the user a copy of the completed form or
a personalized success page.

Ink Signatures: Capture hand written signatures in web forms.

Supports up to 25 files & 50 MB of data in each form post.

All posted files are automatically scanned for viruses; posts with viruses are rejected.

Integrate with client-side AJAX form submission

Forms can be configured to return only HTTP status codes (e.g. 200 for success, and 400+
for failure) so that your web site JavaScript processes can submit forms, know if the
submission was successful or not, and then take further custom actions based on the result.

This "AJAX Mode" is useful for:

Auto-detecting and handling any kind of submission failure.

Performing "behind-the-scenes" form posts

Complex business logic

Continuing operation on the same page after the form post is complete (e.g.
after re-drawing part of the page).

Any situation where you do not want to navigate away from the current page.

Suppress/skip selected form fields

Internationalization: all form data converted to UTF-8

Dynamically name refilled template files with field values and time/date stamps.

When using PDF or text template files, you can specify rules for file name creation so that
each post can have a different or unique name. You can insert date and time data as well as
content from the form post itself.

You provide a Template (PDF or other format) and SecureForm refills it and saves that temporarily.
SecureForm passes a link to your "Success" web form page; you display that link to your
end user (the "Success" page must be dynamic and not plain HTML). The end user has one
hour to download that file.

SSL is used for the download link if you are using SSL for your form posts

Branding is used for the download link if you have Private Labeling for your SecureForm

Only someone at the end-user's IP Address uses this special download link.

The temporary download expires in 1 hour

Compatible with Ink Signatures -- the signatures will be appended to PDF templates.

Note that you must have the ability to program your web form success page so that it can
read the passed web address and display that to the end user as a link.

This feature only works with Web Forms.

PDF form submit via HTML, FDF, or full PDF document

Send to Email

Use enforced TLS Only,
SecureLineTM Escrow,
or PGP, or
S/MIME encryption for secure email messages. Forced TLS and Escrow options requires a SecureLineTM license.
Bring your own PGP or S/MIME certificate or have us generate one for you.

Receive data in any supported format

Email data to up to 10 recipients with optional individual encryption

Email data securely to address(es) submitted from your form

SecureLineTM can look at the value submitted in a specified form field to find the email address to which to send your form data. This
email can be secured with SecureLineTM Escrow, no matter what the address is.

Customize subject line, 'From' name, and 'From' address for the form data messages

Dynamic subject lines for the form data messages using field values (except HIPAA)

Receive data as re-filled template file (PDF/HTML/XML/other)

Upload a PDF form and have the submitted data re-filled into the form fields and saved either as an editable or not-editable PDF. A file with place holders that are replaced with your form data on submission. This file could be HTML, XML, or any other textual format.
HTML Templates can be auto-converted to PDF for you.

Upload a PDF form and have the submitted data re-filled into the form fields and saved either as an editable or not-editable PDF. A file with place holders that are replaced with your form data on submission. This file could be HTML, XML, or any other textual format.
HTML Templates can be auto-converted to PDF for you.

MySQL storage is automated so that no special database setup or maintenance is needed and it works with any web or PDF form.

Changes to your form fields are automatically reflected in the MySQL database, with no work required by you.

MySQL Encryption

Encryption at rest for MySQL-saved form posts.

You can optionally choose to have your MySQL-saved form data encrypted cell-by-cell using native-MySQL AES encryption commands
using an encryption key unique to your form which is not saved in plain text anywhere on LuxSci. Use our "Online reporting tools"
to view the encrypted data, or connect directly to your database and use MySQL AES_DECRYPT commands, together with your key,
to access the data on demand.

API, Reporting & Notifications

If you are saving SecureForm data to a hosted database, you can use our API to
query this database, download rows and files, and delete rows and files. The API functions
make it easy to discover what posts are new or happened in a specific time frame, and to synchronize
post data with your own external systems.

Email, Securechat, and text message notices of each form post, sent up to 10 recipients.

Upgrades

HIPAA-compliant Form

When operating your website or database, you need to ensure that all
sensitive client or patient information is secure and protected from
unapproved eyes. This means using secure web forms. Unsecured forms and
legal documents can provide easy access for hackers to infiltrate and
collect confidential information, which is why LuxSci developed a secure
web form solution. LuxSci's SecureForm processing allows you to add and
store HIPAA- (Health Insurance Portability and Accountability Act)
compliant patient forms, tax documents, legal forms, etc., in order to
ensure your online services stay protected and legal.

SecureForm seamlessly integrates with any of your company's current web
or PDF forms. SecureForm is compatible with any CMS (including WordPress),
as well as custom-coded pages made using PHP, .NET, and any other
language. You can save your data in multiple formats: plain text,
two-column html, CSV (Excel), XML, refilled custom templates (HTML, XML,
or other), and refilled PDF templates (even with data from Web forms). Our
SecureForm FormBuilder allows you to use our web interface to configure
and customize your own forms without any coding knowledge. SecureForm
ensures that your data remains protected during transmission, using TLS
encryption, and at rest, using PGP and/or AES encryption. Note: if you are
a LuxSci HIPAA customer, SecureForm automatically configures for your
compliance.

Secure Digital Signature Forms

One of our exciting HIPAA-compliant SecureForm features is Ink
Signatures. LuxSci's Ink Signatures are simple
web-based agreement boxes that allow you to easily capture the authentic
handwritten signatures of anyone filling out a SecureForm-enabled web form.
There's no special software or technical knowledge required; you can sign
with a mouse, a stylus, or a touchscreen. This user-friendly feature
provides an easy way to establish signed agreements and is much easier to
implement than standard digital signatures.